reshuffle bind configuration

[mirror/dsa-puppet.git] / modules / named / manifests / init.pp

diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 0c75aeb..719c0e7 100644 (file)
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -17,6 +17,19 @@ class named {
                         refreshonly => true,
                         ;
         }
+        file {
+                "/var/log/bind9":
+                        ensure  => directory,
+                        owner   => bind,
+                        group   => bind,
+                        mode    => 775,
+                        ;
+        }
+        @ferm::rule { "dsa-bind":
+                domain          => "(ip ip6)",
+                description     => "Allow nameserver access",
+                rule            => "&TCP_UDP_SERVICE(53)"
+        }
 }
 
 # vim: set fdm=marker ts=8 sw=8 et: